UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.
But the results show that when somebody puts in the work to enter that undiscovered country, Macs prove as hackable as Windows computers or more so.
Luring the user to a suspect site in Safari, the VUPEN researcher remotely launched OS X's calculator app and wrote a file to the disc -- essentially paving the way for a full hijack of the machine. This was all done without the browser crashing or showing any irregularities.
He describes, "The victim visits a web page, he gets owned. No other interaction is needed."
The victim would likely think they merely clicked on a bad URL.
That's scary, going to a webpage and getting pwned..
At least Windows users utilize proactive defenses that block bad or otherwise malicious websites..
Quit blowing smoke.
I believe everyone on this thread.
They are all so smart!
The root password is irrelevant if you can just overflow a buffer (or even worse, the runtime stack) and execute malicious code. OSX’s problem is its lack of memory protection, which is fairly common among *nix systems.
It is not clear from the article if he got root or not.
But once in with a user shell, he should be able to launch a privilege escalation attack.
Not true. Tom Duff regaled us with his first UNIX virus at a USENIX breakout session in 1988. The basic infection technique is to read the executable header, identifying the starting address for the code segment, save it, add your own code to the end of the code segment, patch the start address to run your "virus" code, then patch a section of your "virus" code to run the original entry point. Your "virus" can then scan all the executables in the current directory and PATH and infect all that you can successfully write. The technique works and spreads like wildfire in an environment with NFS-mounted filesystems to "share" the garbage.
No. Linux/UNIX can be hacked just like any other OS.
A hacker can modify an unprotected executable file, or a kernel load module, or even the disk sectors of an unprotected /dev/sda physical device. It takes only one mistake in securing a single file to blow up Linux completely.
For all the complaints about compatibility in Windows Vista/Win7, it does have extra security against those kinds of errors. x64 device drivers must be digitally signed with a Class 3 VeriSign Authenticode Certificate to load. Mandatory Integrity levels are enforced everywhere: all code runs in separate sandboxes based on the security level (Low, Medium, High, System). This is similar to TCB Orange Book used by the military for mandatory security levels (Unclassified, Secret, Top Secret, etc). Files in the TCB are owned by TrustedInstaller and cannot be modified even by super-users (Administrators).
Linux/UNIX has a ways to go to catch up to Win7 in terms of security.
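Added example, not part of any comment above: two comments in this thread turn on write access to executables (a file infector spreading to whatever it can write in the current directory and PATH, and a single unprotected executable file). The audit below reports the PATH entries and executables whose permissions would allow that; the names `audit_path`, `demo` and `trusted_uids` are hypothetical, and the sample tree is constructed.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for anyone but the owner

def audit_path(path_value, trusted_uids=(0,)):
    """Return sorted (path, reason) findings for modifiable executables."""
    findings = set()
    for d in path_value.split(os.pathsep):
        d = d or "."  # an empty PATH entry means the current directory
        if not os.path.isabs(d):
            findings.add((d, "relative PATH entry"))
        try:
            dst = os.stat(d)
            names = os.listdir(d)
        except OSError:
            continue  # missing or unreadable directory
        # Write access to a directory lets its files be replaced, unless sticky.
        if dst.st_mode & LOOSE and not dst.st_mode & stat.S_ISVTX:
            findings.add((d, "directory writable by group/other"))
        for name in names:
            full = os.path.join(d, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # e.g. a dangling symlink
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue  # only regular files with an execute bit
            if st.st_mode & LOOSE:
                findings.add((full, "file writable by group/other"))
            if st.st_uid not in trusted_uids:
                findings.add((full, "owner uid %d not trusted" % st.st_uid))
    return sorted(findings)

def demo():
    """Constructed sample tree: one tight and one loose executable."""
    root = tempfile.mkdtemp()
    for name, mode in (("tight", 0o755), ("loose", 0o775), ("notes.txt", 0o666)):
        p = os.path.join(root, name)
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(p, mode)
    os.chmod(root, 0o755)
    return root, audit_path(root, trusted_uids=(0, os.getuid()))

if __name__ == "__main__":
    for path, reason in audit_path(os.environ.get("PATH", "")):
        print(reason + ": " + path)
```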